Posted: September 13th, 2017

CNET 342

Paper, Order, or Assignment Requirements

i going to upload the assessment please follow all the instructors and I’m going to applaud the lectures and a personal profile as well,
please use references as much as the report need
finally, if you have any question please ask
 

Task 1: Download a packet trace from Google Drive (see notes below) and analyse it using any preferred method to determine:

• Trace characteristics: start/end, number of packets and bytes, packets and bytes rates – average values and evolution over time (max 10 points)
• Top IP addresses and transport ports (max 10 points)
• Packet size: min, max, average, standard deviation, cumulative distribution (you may want to use intervals instead of individual packet sizes; e.g. 0-64, 64-96, 96-128,128-256,256-512,512-1024,1024- bytes) (max 5 points)
• RTT: min, max, average, standard deviation, cumulative distribution (exclude zero values) (max 5 points)

Describe the commands/methods used for analysis and comment on the results. For plotting variables over time and distributions, you may use gnuplot,as well as the plot.sh and histogram.sh scripts, or any other graphing tools.

• points)

Task 2: Download a netflow trace from Google Drive (see notes below) and analyse it using any preferred method to determine:

• Identify local network and number of hosts (max 5 points)
• Evolution over time – connections, packets, and bytes rates (max 5 points)
• Top users, ports; distribution of protocols (TCP/UDP/ICMP/other) (max 10 points)
• Flow size: min, max, average, standard deviation, cumulative distribution (max 10 points)

Describe the commands/methods used for analysis and comment on the results. For plotting variables over time and distributions, you may use gnuplot,as well as the plot.sh and histogram.sh scripts, or any other graphing tools.

• points)

Task3: Generate a single web download and capture the traffic of that one TCP connection. The capture must be performed using pcap-compatible software (windump or tcpdump). The maximum size of the downloaded object must be less than 4MB. For the captured packet trace, perform the analysis tasks below:

• Describe the timeline of events within the connection (initiation, closing, transfer) using clear references to timestamps (max 10 points)
• Calculate RTT (provide three samples using SEQ/ACK matching) and bottleneck bandwidth (provide at least three samples using interarrival times) (max 10 points)
• Explain the behaviour of the sender (using the sequence of received packets), in the slow start phase; identify and explain any packet loss (max 10 points)
• Compare RTT results with tcptrace analysis output and ping/traceroute results; compare bandwidth results with speedtest.net results (max 10 points)

(40 points)

Notes:

• You can access both the packet traces and netflow traces mentioned below at:

https://drive.google.com/folderview?id=0Bww7YGmKKsS-bU9PMDZ3NUZUU1U&usp=sharing  ). Contact the module leader if you encounter any problems accessing the fines.

• Task 1
  • Ten packet traces for analysis were stored on Google Drive and can be downloaded using this link: https://drive.google.com/folderview?id=0Bww7YGmKKsS-VkdvLUtOaUZJUkk&usp=sharing
  • Each group must pick one trace, using the last digit of the Plymouth ID of one of its members. For example, a group where one of the members has an ID of 10325476 should download file zip, unzip the archive, and analyse the trace file 6.dump
• Task 2
  • Ten netflow traces for analysis were stored on Google Drive (both in binary and text output format) and can be downloaded using this link:

https://drive.google.com/folderview?id=0Bww7YGmKKsS-ZFNfUUJJaXR6ZTA&usp=sharing

• The traces were collected and processed using the nfdump software – http://sourceforge.net/projects/nfdump/
• Each group must pick one trace, using the last digit of the Plymouth ID of one of its members; if you have problems running nfdump to decode the file, you can download the corresponding text output file. For example, a group where one of the members has an ID of 10325476 should download file nf.zip, unzip the archive, and analyse the netflow file 6.nf.
• If you have problems running nfdump, you can downloadout.zip, unzip the archive and analyse the output 6.out

• Task 3
  • For the groups of three people, each student must submit a separate file and associated analysis – make sure you clearly indicate which member of the group submitted each analysis section.
  • As part of the submission, you must include in the report submission the packet trace you analyse. If the trace is not included or the file is unreadable for various reasons, you will get zero points for the task. If the same packet trace is submitted and/or analysed by more than one group – zero points for the task for all the students involved.
  • Points will be deducted if the packet trace includes more than one TCP connection or any other non-TCP traffic
  • If you do not have your own PC with a network connection and the ability to install the required packet capture programs, you should run the packet capture in the lab and output the trace it in text format for later analysis.
  • You must include in the answer some of the packets from the trace, as shown by windump, tcpdump, or tshark (not all; just the ones involved in various calculations, as per the examples in the lectures). Use windump/tcpdump / tshark output, which is text and therefore easier to handle, not wireshark screenshots.

• As part of the assignment, do not attempt any actions that could be interpreted as network hacking/attack attempts. Examples of such actions include capturing packets from other computers by setting the NIC in promiscuous mode or using other tools (such as network scanners or other hacking utilities) to investigate network configuration.
• The report should not be longer than 3000 words, excluding any text from diagrams, tables, images, or trace output (this is a maximum limit, not a recommended limit!)